private static final long serialVersionUID = -2596733469159940154L;
- private CertificateOwner target;
+ private final CertificateOwner target;
- private User actor;
+ private final User actor;
- private String supporterTicketId;
+ private final String supporterTicketId;
- public AuthorizationContext(CertificateOwner target, User actor) {
+ private final boolean isStronglyAuthenticated;
+
+ public AuthorizationContext(CertificateOwner target, User actor, boolean isStronglyAuthenticated) {
+ if (actor == null) {
+ throw new Error("Internal Error: The actor of an AuthorizationContext must not be null!");
+ }
+ if (target == null) {
+ throw new Error("Internal Error: The target of an AuthorizationContext must not be null!");
+ }
this.target = target;
this.actor = actor;
+ this.supporterTicketId = null;
+ this.isStronglyAuthenticated = isStronglyAuthenticated;
}
public AuthorizationContext(User actor, String supporterTicket) throws GigiApiException {
+ if (actor == null) {
+ throw new Error("Internal Error: The actor of an AuthorizationContext must not be null!");
+ }
+ if (supporterTicket == null) {
+ throw new Error("Internal Error: The AuthorizationContext for a Support Engineer requires a valid ticket!");
+ }
this.target = actor;
this.actor = actor;
if ( !isInGroup(Group.SUPPORTER)) {
throw new GigiApiException("requires a supporter");
}
- supporterTicketId = supporterTicket;
+ this.supporterTicketId = supporterTicket;
+ this.isStronglyAuthenticated = true;
}
public CertificateOwner getTarget() {
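Review bot: The supporter constructor above sets `this.isStronglyAuthenticated = true;` unconditionally, so the `isStronglyAuthenticated()` term this commit adds to `canSupport()` can never reject a supporter context. `supporterTicketId` is non-null only when this constructor ran, because the three-argument constructor sets it to null. Callers are not visible here; unless every one of them already checks the session's authentication strength before building the context, the flag should be passed in as the other constructor does: `public AuthorizationContext(User actor, String supporterTicket, boolean isStronglyAuthenticated) throws GigiApiException` with `this.isStronglyAuthenticated = isStronglyAuthenticated;`. If the hard-coded value is intended, a comment stating that precondition would keep a later caller from treating a weakly authenticated session as strong.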
return actor.isInGroup(g);
}
- public User getActor(AuthorizationContext ac) {
+ public static User getActor(AuthorizationContext ac) {
if (ac == null) {
return null;
}
}
public boolean canSupport() {
- return getSupporterTicketId() != null && isInGroup(Group.SUPPORTER);
+ return getSupporterTicketId() != null && isInGroup(Group.SUPPORTER) && isStronglyAuthenticated() && ((User) target).hasValidSupportChallenge();
}
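Review bot: The `((User) target)` cast at the end of the new `canSupport()` expression is safe only because of an invariant spread across both constructors: a non-null ticket means the supporter constructor ran, which sets `target = actor`. Calling the check on the already-typed field, `... && isStronglyAuthenticated() && actor.hasValidSupportChallenge();`, says the same thing without a cast that would throw ClassCastException if that invariant ever changes. `hasValidSupportChallenge()` is not shown in this diff, so this assumes it only inspects the user it is called on.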
- private static final SprintfCommand sp = new SprintfCommand("Logged in as {0} via {1}.", Arrays.asList("${username}", "${loginMethod}"));
+ private static final SprintfCommand sp = new SprintfCommand("Logged in as {0} via {1}.", Arrays.asList("${username", "${loginMethod"));
- private static final SprintfCommand inner = new SprintfCommand("{0} (on behalf of {1})", Arrays.asList("${user}", "${target}"));
+ private static final SprintfCommand inner = new SprintfCommand("{0}, acting as {1},", Arrays.asList("${user", "${target"));
@Override
public void output(PrintWriter out, Language l, Map<String, Object> vars) {
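Review bot: The placeholder names in both `Arrays.asList(...)` calls now lack the closing brace (`"${username"`, `"${target"`), which reads like a typo and invites a well-meant revert. `SprintfCommand` is not visible in this diff, so whether it expects the unterminated form cannot be confirmed from here. If it does, a one-line comment above `sp` such as `// store entries are given without the closing brace, as SprintfCommand expects` would record that.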
@Override
public void output(PrintWriter out, Language l, Map<String, Object> vars) {
if (target != actor) {
- vars.put("user", ((Organisation) target).getName().toString());
- vars.put("target", actor.getPreferredName().toString());
+ vars.put("target", ((Organisation) target).getName().toString());
+ vars.put("user", actor.getPreferredName().toString());
inner.output(out, l, vars);
} else {
out.println(actor.getPreferredName().toString());
}
}
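Review bot: `((Organisation) target)` on the new `vars.put("target", ...)` line is reached whenever `target != actor`, but the three-argument constructor accepts any `CertificateOwner`. A target that is a different `User`, or a second instance of the same user since the comparison is by reference, would throw ClassCastException while the page is rendered. Guarding with `if (target instanceof Organisation) {` instead of `if (target != actor) {` keeps the existing else branch as the fallback. The class around this `output` method is only partly visible, so confirm that no other path is meant to handle non-organisation targets.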
- public boolean canAssure() {
- return target instanceof User && ((User) target).canAssure();
+ public boolean canVerify() {
+ return target instanceof User && ((User) target).canVerify() && isStronglyAuthenticated() && ((User) target).hasValidRAChallenge();
+ }
+
+ public boolean isStronglyAuthenticated() {
+ return isStronglyAuthenticated;
}
}
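Review bot: Neither `isStronglyAuthenticated()` nor the constructor parameter that feeds it says what qualifies as strong authentication, yet `canVerify()` and `canSupport()` now gate privileged actions on it. A Javadoc on the getter would tell callers which value to pass, for example `/** True if the actor's session was established with a strong login method; required by canVerify() and canSupport(). */`, with the wording adjusted to the actual criterion, which is not visible here. `canVerify()` also combines this flag, which presumably describes how the actor logged in, with `((User) target).hasValidRAChallenge()`, which describes the target; a sentence in the Javadoc stating that this mix is intended would help.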